AMENDMENTS TO THE CLAIMS 

1. (Currently Amended) A system, comprising: 

a processor configured to operate in an operating mode, wherein the operating mode is one of a 

plurality of operating modes including a secure operating mode; 
one or more secured assets coupled to the processor; [[and]] 

security hardware configured to control access to the secured assets dependant upon the 
operating mode of the processor, wherein the security hardware is configured to allow access to 
the secure assets in the secure operating mode , and wherein the security hardware comprises a 
mailbox RAM configured to store input and output data, wherein the mailbox RAM includes an 
inbox for storing input data for the one or more secured assets and an outbox for storing output 
data from the one or more secured assets . 

2. (Original) The system of claim 1, wherein the secured assets comprise one or more of the 
group consisting of: 

a random number generator, 
a secure management register, 
a monotonic counter, and 
a secure memory. 

3. (Original) The system of claim 1, wherein the security hardware comprises: 

an initiation register, wherein an entry in the initiation register is an indication to change 
the operating mode of the processor to the secure mode. 
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4. (Original) The system of claim 1, wherein the secure operating mode comprises system 
management mode. 

5. (Currently Amended) The system of claim 1, wherein the security hardware comprises: 

a kick-out timer configured to provide an indication to the processor of when the 
processor is to exit the secure mode. 

6. (Currently Amended) The system of claim 5, wherein the security hardware further 
comprises: 

a re-initiation timer configured to provide an indication to the processor [[to]] of when 
the processor isto exit the secure mode into a standard mode. 

7. (Original) The system of claim 1, wherein the security hardware comprises: 

a duration timer configured to operate while the processor is operating in the secure 
mode, wherein the duration timer is configured to provide an indication of how 
long the processor is in the secure mode. 

8. (Original) The system of claim 7, wherein the security hardware comprises: 

a kick-out timer configured to provide an indication to the processor of when the 
processor is to exit the secure mode. 

9. (Original) The system of claim 8, wherein the kick-out timer and the duration timer 
comprise a single timer. 
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10. (Original) The system of claim 8, wherein the security hardware further comprises: 

a re-initiation timer configured to provide an indication to the processor to re-enter the 
secure mode. 

11. (Canceled) 

12. (Currently Amended) The system of claim I [[1 1]], wherein the input data for the one or 
more secured assets is addressed to the inbox of the mailbox RAM. 

13. (Currently Amended) The system of claim I [[1 1]], wherein the output data from the one 
or more secured assets is retrieved from an address at the outbox of the mailbox RAM. 

14. (Currently Amended) The system of claim i [[1 1]], wherein the security hardware further 
comprises: 

access filters configured to provide input data or access requests to the inbox of the 
mailbox RAM if the processor is operating in the secure operating mode, wherein 
the access filters are further configured not to provide input data to the inbox of 
the mailbox RAM if the processor is not operating in the secure operating mode, 
and wherein the access filters are further configured to provide a predetermined 
response in lieu of data upon receipt of said access requests if the processor is not 
operating in the secure operating mode. 
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15. (Original) The system of claim 1, wherein the security hardware further comprises: 
scratchpad RAM, wherein each of the one or more secured assets is configured to access 

the scratchpad RAM for the storage of data. 

1 6. (Currently Amended) The system of claim 1 , further comprising: 

a memory for storing data, wherein the memory is coupled to the processor and the processor is 
configured to store and retrieve data from the memory in [[substantially all]] at least a 
portion of the plurality of operating modes. 

17. (Original) The system of claim 1, wherein the security hardware comprises: 

access filters configured to provide access requests to one or more of the one or more 
secured assets when the processor is operating in the secure operating mode, 
wherein the access filters are further configured to provide a predetermined 
response in lieu of data if the processor is not operating in the secure operating 
mode. 

18. (Original) The system of claim 17, wherein the security hardware further comprises: 
access locks coupled to the access filters, wherein the access locks are configured to 

disable the access filters in an unlocked mode. 

19. (Original) The system of claim 1, further comprising: 

a battery, wherein the battery provides reserve power to the one or more secured assets. 
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20. (Original) The system of claim 1, further comprising: 

a battery, wherein the battery provides reserve power to the security hardware. 

21. (Currently Amended) A method for providing access to secured assets in a computer 
system, the method comprising: 

switching the computer system between a first operating mode and a second operating mode, 
where second operating mode comprises a secure operating mode; 

restricting access to the secured assets in response to the computer system being in the first 
operating mode; and 

permitting access to the secured assets in response to the computer system being in the secure 
operating mode , wherein permitting access to the secured assets comprises reading output 
data from or writing input data to a mailbox RAM from which the secure assets write the 
output data and read the input data . 

22. (Original) The method as set forth in claim 21, wherein the secure assets comprise a 
secure memory, and wherein permitting access to the secured assets comprises reading data from 
or writing data to the secure memory. 

23. (Original) The method as set forth in claim 21, wherein the secure assets comprise a 
random number generator, and wherein permitting access to the secured assets comprises 
requesting a random number from the random number generator and receiving the random 
number from the random number generator. 
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24. (Original) The method as set forth in claim 21, wherein the secure assets comprise a 
monotonic counter, and wherein permitting access to the secured assets comprises requesting a 
value stored in the monotonic counter and receiving the value stored in the monotonic counter. 

25. (Original) The method as set forth in claim 21, further comprising: 

receiving a request to change the computer system from the first operating mode to the secure 
operating mode. 

26. (Original) The method as set forth in claim 25, wherein receiving a request to change the 
computer system comprises providing an entry into an initiation register and asserting a control 
signal indicative of the entry in response to providing the entry. 

27. (Original) The method as set forth in claim 26, wherein asserting the control signal 
indicative of the entry comprises providing a system management interrupt. 

28. (Original) The method as set forth in claim 21, further comprising: 

measuring a time period in which the computer system is in the secure operating mode; and 
providing a control signal to the computer system to exit the secure operating mode in response 

to the time period in which the computer system is in the secure operating mode 

exceeding a predetermined length of time. 

29. (Original) The method as set forth in claim 28, further comprising: 
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measuring a time period in which the computer system is out of the secure operating mode in 
response to providing the control signal to the computer system to exit the secure 
operating mode; and 

providing a control signal to the computer system to re-enter the secure operating mode in 
response to the time period in which the computer system is out of the secure operating 
mode exceeding a predetermined length of time. 

30. (Canceled) 

3 1 . (Original) The method as set forth in claim 2 1 , further comprising: 
receiving an access request for one of the secure assets; and 

wherein restricting access to the secured assets comprises responding with a predetermined 
response in lieu of data in response to receiving the access request for one of the secure 
assets. 

32. (Original) The method as set forth in claim 21, further comprising: 
receiving an access request for one of the secure assets; and 

wherein permitting access to the secured assets comprises providing the access request to the one 
of the secure assets in response to receiving the access request for one of the secure 
assets. 

33. (Original) The method as set forth in claim 21, further comprising: 
setting an access lock to an unlocked state; and 
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wherein permitting access to the secured assets further comprises overriding restricting access to 
the secured assets and providing the access request to the one of the secure assets in 
response to receiving the access request for one of the secure assets and in response to 
setting the access lock to the unlocked state. 

34. (Currently Amended) A system, comprising: 

means for switching the computer system between a first operating mode and a second operating 
mode, where second operating mode comprises a secure operating mode; 

means for restricting access to the secured assets in response to the computer system being in the 
first operating mode; and 

means for permitting access to the secured assets in response to the computer system being in the 
secure operating mode , wherein permitting access to the secured assets comprises reading 
output data from or writing input data to a mailbox RAM from which the secure assets 
write the output data and read the input data . 

35. (Original) The system of claim 34, further comprising: 

means for receiving a request to change the computer system from the first operating mode to the 
secure operating mode. 

36. (Original) The system as set forth in claim 34, further comprising: 

means for measuring a time period in which the computer system is in the secure operating 
mode; and 
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means for providing a control signal to the computer system to exit the secure operating mode in 
response to the time period in which the computer system is in the secure operating mode 
exceeding a predetermined length of time. 

37. (Original) The system as set forth in claim 34, further comprising: 
means for receiving an access request for one of the secure assets; and 

means for responding with a predetermined response in lieu of data in response to receiving the 
access request for one of the secure assets. 

38. (Original) The system as set forth in claim 34, further comprising: 
means for receiving an access request for one of the secure assets; and 

wherein the means for permitting access to the secured assets comprise means for providing the 
access request to the one of the secure assets in response to receiving the access request 
for one of the secure assets. 

39. (Currently Amended) A system, comprising: 

means for processing in an operating mode, wherein the operating mode is one of a plurality of 

operating modes including a secure operating mode; 
one or more secured means coupled to the means for processing, wherein the one or more 

secured means comprise one or more of the group consisting of: 

means for generating a random number or nonce; 

means for storing secure management data; 

means for generating a monotonic value; and 



Serial No. 09/852,372 



10 



means for storing secure data; and 
means for controlling access to the one or more secured means dependant upon the operating 
mode of the processor, wherein the one or more secured means comprise means for 
allowing access to the secure assets in the secure operating mode , and wherein the means 
for allowing access comprises a mailbox RAM configured to store input and output data, 
wherein the mailbox RAM includes an inbox for storing input data for the one or more 
secured assets and an outbox for storing output data from the one or more secured assets . 

40. (Currently Amended) A computer readable program storage device encoded with 
instructions that, when executed by a computer system, performs a method of providing 
access to secured assets in the computer system, the method comprising: 

switching the computer system between a first operating mode and a second operating mode, 
where second operating mode comprises a secure operating mode; 

restricting access to the secured assets in response to the computer system being in the first 
operating mode; and 

permitting access to the secured assets in response to the computer system being in the secure 
operating mode , wherein permitting access to the secured assets comprises reading output 
data from or writing input data to a mailbox RAM from which the secure assets write the 
output data and read the input data . 

41. (Original) The computer readable program storage device as set forth in claim 40, 
wherein the secure assets comprise a secure memory, and wherein permitting access to the 
secured assets comprises reading data from or writing data to the secure memory. 
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42. (Original) The computer readable program storage device as set forth in claim 40, 
wherein the secure assets comprise a random number generator, and wherein permitting access to 
the secured assets comprises requesting a random number from the random number generator 
and receiving the random number from the random number generator. 

43. (Original) The computer readable program storage device as set forth in claim 40, 
wherein the secure assets comprise a monotonic counter, and wherein permitting access to the 
secured assets comprises requesting a value stored in the monotonic counter and receiving the 
value stored in the monotonic counter. 

44. (Original) The computer readable program storage device as set forth in claim 40, the 
method further comprising: 

receiving a request to change the computer system from the first operating mode to the secure 
operating mode. 

45. (Original) The computer readable program storage device as set forth in claim 44, 
wherein receiving a request to change the computer system comprises providing an entry into an 
initiation register and asserting a control signal indicative of the entry in response to providing 
the entry. 
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46. (Original) The computer readable program storage device as set forth in claim 45, 
wherein asserting the control signal indicative of the entry comprises providing a system 
management interrupt. 

47. (Original) The computer readable program storage device as set forth in claim 40, the 
method further comprising: 

measuring a time period in which the computer system is in the secure operating mode; and 
providing a control signal to the computer system to exit the secure operating mode in response 

to the time period in which the computer system is in the secure operating mode 

exceeding a predetermined length of time. 

48. (Original) The computer readable program storage device as set forth in claim 47, the 
method further comprising: 

measuring a time period in which the computer system is out of the secure operating mode in 
response to providing the control signal to the computer system to exit the secure 
operating mode; and 

providing a control signal to the computer system to re-enter the secure operating mode in 
response to the time period in which the computer system is out of the secure operating 
mode exceeding a predetermined length of time. 

49. (Canceled) 
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50. (Original) The computer readable program storage device as set forth in claim 40, the 
method further comprising: 

receiving an access request for one of the secure assets; and 

wherein restricting access to the secured assets comprises responding with a predetermined 
response in lieu of data in response to receiving the access request for one of the secure 
assets. 

51. (Original) The computer readable program storage device as set forth in claim 40, the 
method further comprising: 

receiving an access request for one of the secure assets; and 

wherein permitting access to the secured assets comprises providing the access request to the one 
of the secure assets in response to receiving the access request for one of the secure 
assets. 

52. (Original) The computer readable program storage device as set forth in claim 40, the 
method further comprising: 

setting an access lock to an unlocked state; and 

wherein permitting access to the secured assets further comprises overriding restricting access to 
the secured assets and providing the access request to the one of the secure assets in 
response to receiving the access request for one of the secure assets and in response to 
setting the access lock to the unlocked state. 
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